Module: OpenSSL

Defined in:
lib/openssl/bn.rb,
lib/openssl.rb,
lib/openssl/ssl.rb,
lib/openssl/hmac.rb,
lib/openssl/x509.rb,
lib/openssl/pkcs5.rb,
lib/openssl/cipher.rb,
lib/openssl/digest.rb,
lib/openssl/marshal.rb,
lib/openssl/version.rb,
ext/openssl/ossl.c,
ext/openssl/ossl_bn.c,
ext/openssl/ossl_ts.c,
ext/openssl/ossl_kdf.c,
ext/openssl/ossl_ssl.c,
ext/openssl/ossl_asn1.c,
ext/openssl/ossl_hmac.c,
ext/openssl/ossl_ocsp.c,
ext/openssl/ossl_rand.c,
ext/openssl/ossl_x509.c,
ext/openssl/ossl_pkcs7.c,
ext/openssl/ossl_cipher.c,
ext/openssl/ossl_config.c,
ext/openssl/ossl_digest.c,
ext/openssl/ossl_engine.c,
ext/openssl/ossl_pkcs12.c,
ext/openssl/ossl_x509crl.c,
ext/openssl/ossl_x509ext.c,
ext/openssl/ossl_x509req.c,
ext/openssl/ossl_provider.c,
ext/openssl/ossl_x509attr.c,
ext/openssl/ossl_x509cert.c,
ext/openssl/ossl_x509name.c,
ext/openssl/ossl_x509store.c,
ext/openssl/ossl_ssl_session.c,
ext/openssl/ossl_x509revoked.c,
ext/openssl/ossl_ns_spki.c

Overview

Ruby-space definitions to add DER (de)serialization to classes

Info

‘OpenSSL for Ruby 2’ project Copyright © 2002 Michal Rokos <[email protected]> All rights reserved.

Licence

This program is licensed under the same licence as Ruby. (See the file ‘LICENCE’.) ++

Defined Under Namespace

Modules: ASN1, Buffering, KDF, Marshal, Netscape, OCSP, PKCS5, PKey, Random, SSL, X509 Classes: BN, BNError, Cipher, Config, ConfigError, Digest, Engine, HMAC, HMACError, OpenSSLError, PKCS12, PKCS7, Provider, Timestamp

Constant Summary collapse

VERSION =
"3.2.1"
OPENSSL_VERSION =

Version of OpenSSL the ruby OpenSSL extension was built with

rb_str_new2(OPENSSL_VERSION_TEXT)
OPENSSL_LIBRARY_VERSION =
rb_str_new2(SSLeay_version(SSLEAY_VERSION))
OPENSSL_VERSION_NUMBER =

Version number of OpenSSL the ruby OpenSSL extension was built with (base 16). The formats are below.

OpenSSL 3

0xMNN00PP0 (major minor 00 patch 0)

OpenSSL before 3

0xMNNFFPPS (major minor fix patch status)

LibreSSL

0x20000000 (fixed value)

See also the man page OPENSSL_VERSION_NUMBER(3).

INT2NUM(OPENSSL_VERSION_NUMBER)
LIBRESSL_VERSION_NUMBER =

Version number of LibreSSL the ruby OpenSSL extension was built with (base 16). The format is 0xMNNFF00f (major minor fix 00 status). This constant is only defined in LibreSSL cases.

See also the man page LIBRESSL_VERSION_NUMBER(3).

INT2NUM(LIBRESSL_VERSION_NUMBER)
OPENSSL_FIPS =
/* OpenSSL 3 is FIPS-capable even when it is installed without fips option */
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
                    Qtrue
#elif defined(OPENSSL_FIPS)
		    Qtrue
#else
		    Qfalse
#endif

Class Method Summary collapse

Class Method Details

.debugObject

.debug=Object

.Digest(name) ⇒ Object

Returns a Digest subclass by name

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo


63
64
65
# File 'lib/openssl/digest.rb', line 63

def Digest(name)
  OpenSSL::Digest.const_get(name)
end

.errorsObject

.fips_modeObject

.fips_mode=Object

.fixed_length_secure_compareObject

.secure_compare(a, b) ⇒ Object

call-seq:

OpenSSL.secure_compare(string, string) -> boolean

Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns true if the strings are identical, false otherwise.



32
33
34
35
36
# File 'lib/openssl.rb', line 32

def self.secure_compare(a, b)
  hashed_a = OpenSSL::Digest.digest('SHA256', a)
  hashed_b = OpenSSL::Digest.digest('SHA256', b)
  OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
end